[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 5 21:12:37 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fee3ca59 by security tracker role at 2024-09-05T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
+	TODO: check
+CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
+	TODO: check
+CVE-2024-8471 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
+	TODO: check
+CVE-2024-8470 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8469 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8468 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8467 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8466 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8465 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8464 (SQL injection vulnerability, by which an attacker could send a special ...)
+	TODO: check
+CVE-2024-8463 (File upload restriction bypass vulnerability in PHPGurukul Job Portal  ...)
+	TODO: check
+CVE-2024-8462 (A vulnerability was found in Windmill 1.380.0. It has been classified  ...)
+	TODO: check
+CVE-2024-8461 (A vulnerability, which was classified as problematic, was found in D-L ...)
+	TODO: check
+CVE-2024-8460 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...)
+	TODO: check
+CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries, whi ...)
+	TODO: check
+CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-7884 (When a canister method is called via ic_cdk::call* , a new Future Call ...)
+	TODO: check
+CVE-2024-7605 (The HelloAsso plugin for WordPress is vulnerable to unauthorized modif ...)
+	TODO: check
+CVE-2024-7591 (Improper Input Validation vulnerability in Progress LoadMaster allows  ...)
+	TODO: check
+CVE-2024-7381 (The Geo Controller plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-7380 (The Geo Controller plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-6929 (The Dynamic Featured Image plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-6894 (The RD Station plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-6332 (The Booking for Appointments and Events Calendar \u2013 Amelia Premium ...)
+	TODO: check
+CVE-2024-5957 (This vulnerability allows unauthenticated remote attackers to bypass a ...)
+	TODO: check
+CVE-2024-5956 (This vulnerability allows unauthenticated remote attackers to bypass a ...)
+	TODO: check
+CVE-2024-5309 (The Form Vibes \u2013 Database Manager for Forms plugin for WordPress  ...)
+	TODO: check
+CVE-2024-45589 (RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 imprope ...)
+	TODO: check
+CVE-2024-45401 (stripe-cli is a command-line tool for the payment processor Stripe. A  ...)
+	TODO: check
+CVE-2024-45392 (SuiteCRM is an open-source customer relationship management (CRM) syst ...)
+	TODO: check
+CVE-2024-45178 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
+	TODO: check
+CVE-2024-45176 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
+	TODO: check
+CVE-2024-45175 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
+	TODO: check
+CVE-2024-45173 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
+	TODO: check
+CVE-2024-45171 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
+	TODO: check
+CVE-2024-45159 (An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, wh ...)
+	TODO: check
+CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer o ...)
+	TODO: check
+CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1 ...)
+	TODO: check
+CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.0 ...)
+	TODO: check
+CVE-2024-45098 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass int ...)
+	TODO: check
+CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass int ...)
+	TODO: check
+CVE-2024-45096 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access t ...)
+	TODO: check
+CVE-2024-44728 (Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-44727 (Sourcecodehero Event Management System1.0 is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2024-44587 (itsourcecode Alton Management System 1.0 is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an a ...)
+	TODO: check
+CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+	TODO: check
+CVE-2024-24759 (MindsDB is a platform for building artificial intelligence from enterp ...)
+	TODO: check
+CVE-2023-51712 (An issue was discovered in Trusted Firmware-M through 2.0.0. The lack  ...)
+	TODO: check
 CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated memory to ...)
 	NOT-FOR-US: FreeBSD
 CVE-2024-7627 (The Bit File Manager plugin for WordPress is vulnerable to Remote Code ...)
@@ -135371,8 +135471,8 @@ CVE-2022-4531
 	REJECTED
 CVE-2022-4530
 	REJECTED
-CVE-2022-4529
-	RESERVED
+CVE-2022-4529 (The Security, Antivirus, Firewall \u2013 S.A.F plugin for WordPress is ...)
+	TODO: check
 CVE-2022-4528
 	REJECTED
 CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been  ...)
@@ -141803,7 +141903,7 @@ CVE-2021-4241 (A vulnerability, which was classified as problematic, was found i
 CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
 	NOT-FOR-US: phpservermon
 CVE-2022-45442 (Sinatra is a domain-specific language for creating web applications in ...)
-	{DLA-3264-1}
+	{DLA-3877-1 DLA-3264-1}
 	- ruby-sinatra 3.0.5-2 (bug #1025125)
 	NOTE: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
 	NOTE: https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b (v3.0.4)
@@ -151594,8 +151694,8 @@ CVE-2022-3558 (The Import and export users and customers WordPress plugin before
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3557
 	RESERVED
-CVE-2022-3556
-	RESERVED
+CVE-2022-3556 (The Cab fare calculator plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
 CVE-2022-3555
 	REJECTED
 CVE-2022-3554
@@ -172923,6 +173023,7 @@ CVE-2022-2311 (The Find and Replace All WordPress plugin before 1.3 does not san
 CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
 	NOT-FOR-US: Skyhigh SWG
 CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...)
+	{DLA-3878-1}
 	- lxml 4.9.1-1 (bug #1014766)
 	[bullseye] - lxml <no-dsa> (Minor issue)
 	[buster] - lxml <no-dsa> (Minor issue)
@@ -187936,7 +188037,7 @@ CVE-2022-29972 (An argument injection vulnerability in the browser-based authent
 CVE-2022-29971 (An argument injection vulnerability in the browser-based authenticatio ...)
 	NOT-FOR-US: Magnitude Simba Amazon Athena ODBC Driver
 CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches  ...)
-	{DLA-3166-1}
+	{DLA-3877-1 DLA-3166-1}
 	- ruby-sinatra 2.2.2-1 (bug #1014717)
 	NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
 CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
@@ -549481,6 +549582,7 @@ CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on ban
 	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
 	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
 CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after commit 960 ...)
+	{DLA-3878-1}
 	- libxml2 2.9.12+dfsg-3
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee3ca59f208cbe36b5e9bef5ea409deedd6cc29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee3ca59f208cbe36b5e9bef5ea409deedd6cc29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240905/b0528538/attachment.htm>

More information about the debian-security-tracker-commits mailing list